CVSS: 7.5EPSS: 1%CPEs: 120EXPL: 0CVE-2014-3165
https://notcve.org/view.php?id=CVE-2014-3165
Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion. Vulnerabilidad de uso después de liberación en modules/websockets/WorkerThreadableWebSocketChannel.cpp en la implementación Web Sockets en Blink, utilizado en Google Chrome anterior a 36.0.1985.143, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto a través de vectores que provocan un tiempo de vida inesperadamente largo de un objeto temporal durante el completado del método. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html http://secunia.com/advisories/59904 http://secunia.com/advisories/60798 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69201 http://www.securitytracker.com/id/1030732 https://code.google.com/p/chromium/issues/detail?id=390174 https://exchange.xforce.ibmcloud.com/vulnerabilities/95247 https://src.chromium.org/viewvc/blink?revisio •
CVSS: 6.4EPSS: 0%CPEs: 101EXPL: 0CVE-2014-3159
https://notcve.org/view.php?id=CVE-2014-3159
The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors. La función WebContentsDelegateAndroid::OpenURLFromTab en components/web_contents_delegate_android/web_contents_delegate_android.cc en Google Chrome anterior a 36.0.1985.122 en Android no restringe debidamente la carga de URLs, lo que permite a atacantes remotos falsificar la URL en el Omnibox a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html https://code.google.com/p/chromium/issues/detail?id=352083 https://src.chromium.org/viewvc/chrome?revision=273865&view=revision • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 1%CPEs: 105EXPL: 0CVE-2014-3160
https://notcve.org/view.php?id=CVE-2014-3160
The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file. La función ResourceFetcher::canRequest en core/fetch/ResourceFetcher.cpp en Blink, utilizado en Google Chrome anterior a 36.0.1985.125, no restringe debidamente las solicitudes de subrecursos asociados con ficheros SVG, lo que permite a atacantes remotos evadir Same Origin Policy a través de un fichero manipulado. • http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html http://secunia.com/advisories/60061 http://secunia.com/advisories/60372 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/68677 https://code.google.com/p/chromium/issues/detail?id=380885 https://src.chromium.org/viewvc/blink?revision=176084&view=revision • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 105EXPL: 0CVE-2014-3162
https://notcve.org/view.php?id=CVE-2014-3162
Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 36.0.1985.125 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html http://secunia.com/advisories/60061 http://secunia.com/advisories/60372 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/68677 https://code.google.com/p/chromium/issues/detail?id=393765 •
CVSS: 7.5EPSS: 0%CPEs: 101EXPL: 0CVE-2014-3161
https://notcve.org/view.php?id=CVE-2014-3161
The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream. La función WebMediaPlayerAndroid::load en content/renderer/media/android/webmediaplayer_android.cc en Google Chrome anterior a 36.0.1985.122 en Android no interactúa debidamente con las redirecciones, lo que permite a atacantes remotos evadir Same Origin Policy a través de un sitio web manipulado que hospeda un flujo de vídeo. • http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html https://code.google.com/p/chromium/issues/detail?id=334204 https://src.chromium.org/viewvc/chrome?revision=266396&view=revision • CWE-264: Permissions, Privileges, and Access Controls •